For non-segwit inputs, the message that is signed is the current transaction with all input scriptSigs blanked out except for the current input that is being signed (or verified). For that particular input, the redeemScript is put into the scriptSig if one exists. If there is no redeemScript, the scriptPubKey of the output that was spent in that input is put in the scriptPubKey. At the end of the transaction you append a 4 byte little endian integer for the sighash type being used, in most cases, it's sighash all which is type 1. That is hashed once, then hashed again to get the value that is passed into the signing/verifying function.
For segwit inputs, read BIP 143.
Code:
CPubKey key = (normal or reverse?, le or be)03eafee16adb27d36dc89e4aae0d1b5e0f8ddb2c9136612dc733ec65b1db128cca
